- Jul 1, 2017
Here is an interesting paper published by the International Journal of Information Security from August 2015. Yes, almost two years ago but the subject is still relevant?
Can modern antiviruses, antimalware handle concurrent attacks?
In this paper, we want to check how the AV behaves under pressure. We make the AV extremely busy in order to bypass its detection. We test several commercial AVs against three scenarios: when data flow from the hard drive (HD) into the main memory (reading), when data flow from the main memory into the HD (writing), and when data flow through the network (sending and receiving). This paper shows that when the AV is overloaded, some malwares can evade detection (in the reading scenario) and enjoy the existence for much more time on the HD (in the writing scenario). Finally, we show that the AVs (or at least the ones we tested in this paper) do not check network data as long as they are not written to or read from the HD.
This paper is bringing something up that has a big influence on what antivirus I choose. And to test the solution I use, I just run a simple test of flooding my computer with harmless test files from here:
Feature Settings Check for Desktop Solutions » AMTSO
The key is to download as many samples as you can simultaneously. Usually, an antivirus will detect and stop single files. But if your computer is being flooded by multiple malware files, it might skip over some of them. I think handling concurrent attacks is a serious issue in a new age where we have persistent threats and ransomware attacking a host from multiple angles, which is why layered security (anti-exe, sandbox, firewall, HIPS) is so important. But still...
Can your antivirus handle concurrent attacks? If yes, what are you using? If not, are other programs kicking into gear when your AV skips files?